It may also cause cancer, so there’s that as well.
Your bluetooth device (headset, 2FA fob, keyboard, whatever) turns out to be insecure. And not fixable. Third parties can force your key length down to one byte. What a clusterfuck.https://knobattack.com/
-
-
-
Horseshit.
-
I don't care if 5000 people or 50 million people who haven't read the literature sign an appeal. This has been studied intensively for decades. There are no good studies supporting the idea and lots of good studies saying there's no risk.
-
There is only one question in science: it isn't how many people believe things, or how good the credentials of someone who believes are. If you test a hypothesis, and it isn't supported by experiment, it's wrong. Who cares if 250 ignorant doctors signed something?
-
I got a nice flavorable pack of cigarettes to sell ya.
-
Studies clearly conclude that cigarettes cause cancer. Why do you believe those but not the ones that say radio frequency emissions don’t cause cancer? Is there some reason you trust science on one and not the other?
End of conversation
New conversation -
-
-
Actually that doesn't sound like it's unfixable, or do you have any other resources? All that needs to be done is (out of specification) do not allow small keylengths. Yeah, that needs an update on all devices. https://www.kb.cert.org/vuls/id/918987/ even mentions a solution.
-
There’s theory and there is real life. I guess the majority of BT devices are not auto-updatable (if at all), hence will never be updated, I recon.
-
But if the phones / computers on the other end of the connection are updated to disallow small keys, do we really care that the BT devices don't update?
-
Isn’t that naïve? As long as I can still force the BT IoT devices to accept small keys I can snarf and hijack them for fun & profit, can’t I?
-
As I understand it this attack doesn't let you pair with a device, but attacks an existing paired connection. If the IoT devices are talking to each other then you could snarf their communications, but if they talk to a phone/computer then my proposal would stop you.
-
What fraction of Android phones get updates these days? As for desktops, I have a friend, a very smart person, who whines at me when I suggest that they need to update their computer. People will be making hay from this for years.
-
Another big problem: I doubt that the people creating protocols are finally going to learn their lesson. Complexity kills, and radio links, which are exposed attack surfaces, keep getting more and more complicated, often needlessly.
-
BTW, one wonders if man-in-the-middle attacks are possible here that would only be fixable if both ends were updated. I need to think on that.
End of conversation
New conversation -
-
-
I knew there was probably a good reason to keep using wired keyboards.
-
I refuse to use wireless keyboards and mice. Always have. I don't trust them because I never trusted the wireless protocol specs.
-
Whilst they haven’t a perfect history, Logitech with their unifying receiver are currently a very acceptable way of ‘doing’ wireless keyboards and mice.
-
What makes you think those are secure?
-
(Let me put that differently: they've been attacked successfully. I don't see why we should prefer their security.)
-
Logitech pushed out a firmware update to remove the exploit. None of the OEMs are perfect, but how many even provide an option to update the firmware? Logitech at least reacted in the correct way.
End of conversation
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.